CVE-2026-20433: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of

Description

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.

Affected Products

Vendor	Product	Versions
mediatek	mediatek chipset	MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893

References

https://corp.mediatek.com/product-security-bulletin/April-2026

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-20433 | MediaTek MT8893 Base Station out-of-bounds write (MSV-4460)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-787

PublishedApr 7, 2026

Last enriched6h agov2

Trending Score30

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

CVE-2026-20433: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History